headlamp-polaris-plugin

privilegedescalation/headlamp-polaris-plugin

Archived

Fork 0

Commit Graph

Author	SHA1	Message	Date
Hugh Hackman	e679216660	fix(e2e): replace helm upgrade with kubectl patch to avoid cluster RBAC The CI runner SA cannot access cluster-scoped resources (ClusterRole, ClusterRoleBinding) needed by helm upgrade's 3-way merge. Replace the helm upgrade step with kubectl patch commands that add the shared volume mount directly to the Headlamp deployment. This eliminates the need for cluster-admin intervention: - kubectl patch adds PVC volume + volumeMount to the deployment - kubectl set env configures the plugins directory - kubectl rollout status waits for the update Also removes the now-unnecessary ClusterRole/ClusterRoleBinding from the RBAC manifest — only namespace-scoped Role/RoleBinding is needed. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-17 17:07:38 +00:00
Hugh Hackman	d5d16b2fe3	fix(e2e): add cluster-scoped RBAC for CI runner The Headlamp Helm chart manages ClusterRole and ClusterRoleBinding resources. The CI runner SA needs cluster-level permissions to get/update these during helm upgrade. Added ClusterRole and ClusterRoleBinding alongside the existing namespace-scoped Role. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-17 12:41:24 +00:00
Hugh Hackman	e9f3fdc971	chore: add RBAC manifest for E2E CI runner Documents the Role and RoleBinding applied to the cluster for the ARC runner service account. Grants permissions in kube-system needed for shared volume plugin deployment (PVCs, pods, Helm resources). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-17 12:18:36 +00:00

Author

SHA1

Message

Date

Hugh Hackman

e679216660

fix(e2e): replace helm upgrade with kubectl patch to avoid cluster RBAC

The CI runner SA cannot access cluster-scoped resources (ClusterRole,
ClusterRoleBinding) needed by helm upgrade's 3-way merge. Replace the
helm upgrade step with kubectl patch commands that add the shared volume
mount directly to the Headlamp deployment.

This eliminates the need for cluster-admin intervention:
- kubectl patch adds PVC volume + volumeMount to the deployment
- kubectl set env configures the plugins directory
- kubectl rollout status waits for the update

Also removes the now-unnecessary ClusterRole/ClusterRoleBinding from the
RBAC manifest — only namespace-scoped Role/RoleBinding is needed.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-17 17:07:38 +00:00

Hugh Hackman

d5d16b2fe3

fix(e2e): add cluster-scoped RBAC for CI runner

The Headlamp Helm chart manages ClusterRole and ClusterRoleBinding
resources. The CI runner SA needs cluster-level permissions to
get/update these during helm upgrade. Added ClusterRole and
ClusterRoleBinding alongside the existing namespace-scoped Role.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-17 12:41:24 +00:00

Hugh Hackman

e9f3fdc971

chore: add RBAC manifest for E2E CI runner

Documents the Role and RoleBinding applied to the cluster for the ARC
runner service account. Grants permissions in kube-system needed for
shared volume plugin deployment (PVCs, pods, Helm resources).

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-17 12:18:36 +00:00

3 Commits